Remove httpSecurity.oauth2Login().userInfoEndpoint().userNameAttributeName()
Related gh-4580
parent
814742fef6
commit
b463f8e6b5
|
@ -65,7 +65,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
|
|||
private SecurityTokenRepository<AccessToken> accessTokenRepository;
|
||||
private OAuth2UserService userInfoService;
|
||||
private Map<URI, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
|
||||
private Map<URI, String> userNameAttributeNames = new HashMap<>();
|
||||
private GrantedAuthoritiesMapper userAuthoritiesMapper;
|
||||
|
||||
AuthorizationCodeAuthenticationFilterConfigurer() {
|
||||
|
@ -105,13 +104,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
|
|||
return this;
|
||||
}
|
||||
|
||||
AuthorizationCodeAuthenticationFilterConfigurer<H, R> userNameAttributeName(String userNameAttributeName, URI userInfoUri) {
|
||||
Assert.hasText(userNameAttributeName, "userNameAttributeName cannot be empty");
|
||||
Assert.notNull(userInfoUri, "userInfoUri cannot be null");
|
||||
this.userNameAttributeNames.put(userInfoUri, userNameAttributeName);
|
||||
return this;
|
||||
}
|
||||
|
||||
AuthorizationCodeAuthenticationFilterConfigurer<H, R> userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) {
|
||||
Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
|
||||
this.userAuthoritiesMapper = userAuthoritiesMapper;
|
||||
|
@ -135,7 +127,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
|
|||
|
||||
@Override
|
||||
public void init(H http) throws Exception {
|
||||
this.initUserNameAttributeNames();
|
||||
AuthorizationCodeAuthenticationProvider authenticationProvider = new AuthorizationCodeAuthenticationProvider(
|
||||
this.getAuthorizationCodeTokenExchanger(), this.getAccessTokenRepository(),
|
||||
this.getProviderJwtDecoderRegistry(), this.getUserInfoService());
|
||||
|
@ -163,20 +154,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
|
|||
this.authorizationResponseMatcher : this.getAuthenticationFilter().getAuthorizationResponseMatcher());
|
||||
}
|
||||
|
||||
private void initUserNameAttributeNames() {
|
||||
OAuth2LoginConfigurer.getClientRegistrationRepository(this.getBuilder()).getRegistrations().forEach(registration -> {
|
||||
if (StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUri()) &&
|
||||
StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName())) {
|
||||
|
||||
URI userInfoUri = URI.create(registration.getProviderDetails().getUserInfoEndpoint().getUri());
|
||||
if (!this.userNameAttributeNames.containsKey(userInfoUri)) {
|
||||
this.userNameAttributeNames.put(
|
||||
userInfoUri, registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName());
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> getAuthorizationCodeTokenExchanger() {
|
||||
if (this.authorizationCodeTokenExchanger == null) {
|
||||
this.authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger();
|
||||
|
@ -229,9 +206,7 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
|
|||
private OAuth2UserService getUserInfoService() {
|
||||
if (this.userInfoService == null) {
|
||||
List<OAuth2UserService> oauth2UserServices = new ArrayList<>();
|
||||
if (!this.userNameAttributeNames.isEmpty()) {
|
||||
oauth2UserServices.add(new DefaultOAuth2UserService(this.userNameAttributeNames));
|
||||
}
|
||||
oauth2UserServices.add(new DefaultOAuth2UserService());
|
||||
if (this.isOidcClientRegistered()) {
|
||||
oauth2UserServices.add(new OidcUserService());
|
||||
}
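Review bot: A registration that has a UserInfo URI but no `userNameAttributeName` is now only detected when a user of that client first logs in. `init(H http)` no longer walks the registrations, and `getUserInfoService()` adds `new DefaultOAuth2UserService()` unconditionally. A fail-fast pass over `getRegistrations()` in `init()` would surface the misconfiguration at startup instead of on a live authentication request. Whether OIDC registrations need to be exempted from that check is not visible in these hunks. Both `init()` and `getUserInfoService()` continue outside the lines shown.

```java
// in init(H http), in place of the removed this.initUserNameAttributeNames() call
OAuth2LoginConfigurer.getClientRegistrationRepository(this.getBuilder()).getRegistrations().forEach(registration -> {
	// TODO confirm: registrations served by OidcUserService may need to be skipped here
	boolean hasUserInfoUri = StringUtils.hasText(
		registration.getProviderDetails().getUserInfoEndpoint().getUri());
	boolean hasUserNameAttribute = StringUtils.hasText(
		registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName());
	if (hasUserInfoUri && !hasUserNameAttribute) {
		throw new IllegalStateException(
			"Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " +
			registration.getRegistrationId());
	}
});
// … unchanged: AuthorizationCodeAuthenticationProvider construction …
```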
|
||||
|
|
|
@ -20,14 +20,14 @@ import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
|||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
|
||||
import org.springframework.security.oauth2.client.user.OAuth2UserService;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
|
||||
import org.springframework.security.oauth2.core.AccessToken;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
|
@ -194,13 +194,6 @@ public final class OAuth2LoginConfigurer<H extends HttpSecurityBuilder<H>> exten
|
|||
return this;
|
||||
}
|
||||
|
||||
public UserInfoEndpointConfig userNameAttributeName(String userNameAttributeName, URI userInfoUri) {
|
||||
Assert.hasText(userNameAttributeName, "userNameAttributeName cannot be empty");
|
||||
Assert.notNull(userInfoUri, "userInfoUri cannot be null");
|
||||
OAuth2LoginConfigurer.this.authorizationCodeAuthenticationFilterConfigurer.userNameAttributeName(userNameAttributeName, userInfoUri);
|
||||
return this;
|
||||
}
|
||||
|
||||
public OAuth2LoginConfigurer<H> and() {
|
||||
return OAuth2LoginConfigurer.this;
|
||||
}
|
||||
|
|
|
@ -18,17 +18,16 @@ package org.springframework.security.oauth2.client.user;
|
|||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.client.authentication.OAuth2ClientAuthenticationToken;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.user.nimbus.NimbusUserInfoRetriever;
|
||||
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
|
||||
import org.springframework.security.oauth2.oidc.client.authentication.OidcClientAuthenticationToken;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
|
@ -36,8 +35,8 @@ import java.util.Set;
|
|||
* An implementation of an {@link OAuth2UserService} that supports standard <i>OAuth 2.0 Provider's</i>.
|
||||
* <p>
|
||||
* For standard <i>OAuth 2.0 Provider's</i>, the attribute name (from the <i>UserInfo Response</i>)
|
||||
* for the <i>"user's name"</i> is required. This is supplied via the constructor,
|
||||
* mapped by <code>URI</code>, which represents the <i>UserInfo Endpoint</i> address.
|
||||
* for the <i>"user's name"</i> is required and therefore must be supplied via
|
||||
* {@link ClientRegistration.ProviderDetails.UserInfoEndpoint#getUserNameAttributeName()}.
|
||||
* <p>
|
||||
* <b>NOTE:</b> Attribute names are <b><i>not</i></b> standardized between providers and therefore will vary.
|
||||
* Please consult the provider's API documentation for the set of supported user attribute names.
|
||||
|
@ -52,12 +51,9 @@ import java.util.Set;
|
|||
* @see UserInfoRetriever
|
||||
*/
|
||||
public class DefaultOAuth2UserService implements OAuth2UserService {
|
||||
private final Map<URI, String> userNameAttributeNames;
|
||||
private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever();
|
||||
|
||||
public DefaultOAuth2UserService(Map<URI, String> userNameAttributeNames) {
|
||||
Assert.notEmpty(userNameAttributeNames, "userNameAttributeNames cannot be empty");
|
||||
this.userNameAttributeNames = Collections.unmodifiableMap(new LinkedHashMap<>(userNameAttributeNames));
|
||||
public DefaultOAuth2UserService() {
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -66,12 +62,12 @@ public class DefaultOAuth2UserService implements OAuth2UserService {
|
|||
return null;
|
||||
}
|
||||
|
||||
URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
|
||||
if (!this.getUserNameAttributeNames().containsKey(userInfoUri)) {
|
||||
String userNameAttributeName = clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
|
||||
if (!StringUtils.hasText(userNameAttributeName)) {
|
||||
throw new IllegalArgumentException(
|
||||
"Missing required \"user name\" attribute name for UserInfo Endpoint: " + userInfoUri.toString());
|
||||
"Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " +
|
||||
clientAuthentication.getClientRegistration().getRegistrationId());
|
||||
}
|
||||
String userNameAttributeName = this.getUserNameAttributeNames().get(userInfoUri);
|
||||
|
||||
Map<String, Object> userAttributes = this.getUserInfoRetriever().retrieve(clientAuthentication);
|
||||
GrantedAuthority authority = new OAuth2UserAuthority(userAttributes);
|
||||
|
@ -81,10 +77,6 @@ public class DefaultOAuth2UserService implements OAuth2UserService {
|
|||
return new DefaultOAuth2User(authorities, userAttributes, userNameAttributeName);
|
||||
}
|
||||
|
||||
protected Map<URI, String> getUserNameAttributeNames() {
|
||||
return this.userNameAttributeNames;
|
||||
}
|
||||
|
||||
protected UserInfoRetriever getUserInfoRetriever() {
|
||||
return this.userInfoRetriever;
|
||||
}
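Review bot: The missing-attribute check in the `@Override` method throws `IllegalArgumentException` from inside the authentication path, so a misconfigured registration would likely surface as an unhandled runtime error rather than a failed authentication. The file already imports `OAuth2AuthenticationException`; raising that under `if (!StringUtils.hasText(userNameAttributeName)) {` would route the failure through the normal authentication-failure handling, assuming the filter only translates authentication exceptions (not visible here). The visible lines also hand `userNameAttributeName` to `new DefaultOAuth2User(authorities, userAttributes, userNameAttributeName)` without checking that the UserInfo response contains that key, so it is worth confirming that the constructor rejects a missing attribute. The method starts above the hunk and the lines between the two hunks are not shown.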
|
||||
|
|